CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2021-1068
https://notcve.org/view.php?id=CVE-2021-1068
NVIDIA SHIELD TV, all versions prior to 8.2.2, contains a vulnerability in the NVDEC component, in which an attacker can read from or write to a memory location that is outside the intended boundary of the buffer, which may lead to denial of service or escalation of privileges. NVIDIA SHIELD TV, todas las versiones anteriores a 8.2.2, contiene una vulnerabilidad en el componente NVDEC, en el cual un atacante puede leer o escribir en una ubicación de memoria que está fuera del límite previsto del búfer, lo que puede conllevar a la denegación de servicio o escalada de privilegios • https://nvidia.custhelp.com/app/answers/detail/a_id/5148 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2021-0313
https://notcve.org/view.php?id=CVE-2021-0313
In isWordBreakAfter of LayoutUtils.cpp, there is a possible way to slow or crash a TextView due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-9, Android-10, Android-11, Android-8.0, Android-8.1; Android ID: A-170968514. En la función isWordBreakAfter del archivo LayoutUtils.cpp, existe una posible manera de ralentizar o bloquear un TextView debido a una comprobación inapropiada de la entrada. • https://source.android.com/security/bulletin/2021-01-01 • CWE-20: Improper Input Validation •
CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0CVE-2021-0312
https://notcve.org/view.php?id=CVE-2021-0312
In WAVSource::read of WAVExtractor.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-8.1, Android-9, Android-10, Android-11, Android-8.0; Android ID: A-170583712. En la función WAVSource::read del archivo WAVExtractor.cpp, se presenta una posible escritura fuera de límites debido a un desbordamiento de enteros. • https://source.android.com/security/bulletin/2021-01-01 • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0CVE-2021-0311
https://notcve.org/view.php?id=CVE-2021-0311
In ElementaryStreamQueue::dequeueAccessUnitH264() of ESQueue.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-9, Android-10, Android-11, Android-8.0, Android-8.1; Android ID: A-170240631. En la función ElementaryStreamQueue::dequeueAccessUnitH264() del archivo ESQueue.cpp, se presenta una posible escritura fuera de límites debido a una falta de comprobación de límites. • https://source.android.com/security/bulletin/2021-01-01 • CWE-787: Out-of-bounds Write •
CVSS: 7.3EPSS: 0%CPEs: 5EXPL: 0CVE-2021-0315
https://notcve.org/view.php?id=CVE-2021-0315
In onCreate of GrantCredentialsPermissionActivity.java, there is a possible way to convince the user to grant an app access to an account due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-8.1, Android-9, Android-10, Android-11, Android-8.0; Android ID: A-169763814. En la función onCreate del archivo GrantCredentialsPermissionActivity.java, existe una posible manera de convencer al usuario de que otorgue acceso de aplicación a una cuenta debido a un ataque de tapjacking/overlay. • https://source.android.com/security/bulletin/2021-01-01 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •